Description
The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.
Affected products
References
- VENDOR_ADVISORYhttp://www.debian.org/security/2005/dsa-827
- VENDOR_ADVISORYhttp://secunia.com/advisories/17018
- VENDOR_ADVISORYhttp://secunia.com/advisories/16995/
- MISChttp://www.securityfocus.com/bid/14978
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/22461